+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  September 12th, 2005                       Volume 6, Number 38n    |
|                                                                     |
|  Editorial Team:  Dave Wreski               dave@private            |
|                   Benjamin D. Thomas        ben@private             |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Security moves
back into top 5 IT priorities," "Popular policies: keeping storage
secure," and "The Mobility Threat."

---

## Master of Science in Information Security ##

Earn your Master of Science in Information Security online from Norwich
University. Designated a "Center of Excellence", the program offers a
solid education in the management of information assurance, and the
unique case study method melds theory into practice. Using today's
e-Learning technology, you can earn this esteemed degree, without
disrupting your career or home life.

LEARN MORE: http://www.msia.norwich.edu/linux_en

---

LINUX ADVISORY WATCH

This week, advisories were released for proftpd, sqwebmail, polygen,
affix, zsync, phpgroupware, webcalendar, pcre3, ntp, cvs, kdelibs,
evince, openmotif, cman, gnbd-kernel, dlm-kernel, lockdev, perl,
termcap, ckermit, kdegraphics, squid, pam, setup, tar, openssh, tzdata,
httpd, mplayer, and phpldapadmin. The distributors include Debian,
Fedora, Gentoo, and Red Hat.

http://www.linuxsecurity.com/content/view/120342/150/

---

Hacks From Pax: PHP Web Application Security
By: Pax Dickinson

Today on Hacks From Pax we'll be discussing PHP web application
security. PHP is a great language for rapidly developing web
applications, and is very friendly to beginning programmers, but some of
its design can make it difficult to write web apps that are properly
secure.
We'll discuss some of the main security "gotchas" when developing PHP
web applications, from proper user input sanitization to avoiding SQL
injection vulnerabilities.

http://www.linuxsecurity.com/content/view/120043/49/

---

Network Server Monitoring With Nmap

Portscanning, for the uninitiated, involves sending connection requests
to a remote host to determine what ports are open for connections and
possibly what services they are exporting. Portscanning is the first
step a hacker will take when attempting to penetrate your system, so you
should be preemptively scanning your own servers and networks to
discover vulnerabilities before someone unfriendly gets there first.

http://www.linuxsecurity.com/content/view/119864/150/

---

>> The Perfect Productivity Tools <<

WebMail, Groupware and LDAP Integration provide organizations with the
ability to securely access corporate email from any computer,
collaborate with co-workers and set up comprehensive addressbooks to
consistently keep employees organized and connected.

http://ads.linuxsecurity.com/cgi-bin/newad_redirect.pl?id=gdn05

--> Take advantage of the LinuxSecurity.com Quick Reference Card!
--> http://www.linuxsecurity.com/docs/QuickRefCard.pdf

+---------------------+
|   Security News:    | <<-----[ Articles This Week ]----------
+---------------------+

* IptablesWeb v.1.0
  8th, September, 2005

IptablesWeb is free software (under the GPL licence) that makes it
possible to inspect iptables logs using a web browser. It is
plugin-based, multilanguage software written in PHP using 3 free PHP
classes.

http://www.linuxsecurity.com/content/view/120297

* Creating info society: Broadband and info security
  6th, September, 2005

The explosion of spamming, hoaxes and cyber attacks has highlighted just
how vulnerable users are to security breaches and the steps they need to
take to protect themselves.
While both dial-up and broadband connections can be affected by such
security breaches, an always-on broadband connection is undoubtedly an
easier target. This is because the always-on nature of a broadband
connection means that attacks and hacking can happen around the clock,
raising the stakes by comparison with a computer that is only on for
short periods. Luckily, there are many tools available to make broadband
connections secure and attractive to users and potential users.

http://www.linuxsecurity.com/content/view/120310

* Big debate over small packets
  8th, September, 2005

Fernando Gont is nothing if not tenacious. Earlier this year, the
Argentinian researcher highlighted several attacks that could disrupt
network connections using the Internet control message protocol, or
ICMP, and proposed four changes to the structure and handling of
network-data packets that would essentially eliminate the risk.

http://www.linuxsecurity.com/content/view/120329

* Cisco Issues Fixes for Vulnerable Web Routers
  8th, September, 2005

Cisco alerted its customers Wednesday about a serious security flaw in
many of its Internet routers, which serve as key intersections in
channeling Web and e-mail traffic from point to point. Cisco Systems
Inc., based in San Jose, Calif., warned that attackers could use the
flaw to seize control over specified vulnerable routers, not most
routers currently in use.

http://www.linuxsecurity.com/content/view/120333

* MS wrong on security claims: Red Hat
  6th, September, 2005

Red Hat is accusing Microsoft of getting its facts wrong in its latest
attack on Linux security. In an update on security at Microsoft's recent
world-wide partner conference, the company's security head Mike Nash
took aim at Linux to single out Red Hat.

http://www.linuxsecurity.com/content/view/120309

* OpenSSH update fixes recent vulnerabilities
  5th, September, 2005

The first fix prevents "GatewayPorts" from being "incorrectly activated
for dynamic ('-D') port forwardings when no listen address was
explicitly specified," according to the changelog.

http://www.linuxsecurity.com/content/view/120299

* Red Hat Unveils IT Courses
  7th, September, 2005

Red Hat, the world's leading provider of open source solutions to the
Enterprise, announced the addition of Institute of Advanced Computing
Management (IACM) to their Authorised Training Partner Network, which
extends across India, Nepal, Bangladesh, Sri Lanka and Pakistan. Red
Hat's complete range of Training and Certification programs will now be
available at IACM.

http://www.linuxsecurity.com/content/view/120320

* Security moves back into top 5 IT priorities
  7th, September, 2005

With Labor Day weekend quickly vanishing into a memory, the team has
just finished compiling this month's IT priorities data. The big news is
that what happened last month with security is now pretty much undone.
It is back in the top 5 list, just barely edging out IT management for
the fifth position (it was in fourth back in July). Software
infrastructure and hardware upgrades also swapped positions and are in
second and third respectively. As usual, wired and wireless projects are
up on top as organizations buy into data and voice network convergence
and install wireless networking equipment. Overall, things are looking
good. According to the US Commerce Department, in Q2 2005, businesses
spent 17.3% more on computers and peripheral equipment than they did in
Q2 2004.

http://www.linuxsecurity.com/content/view/120321

* Email security - what are the issues?
  8th, September, 2005

As email becomes more prevalent in the market, the importance of email
security (http://www.net-security.org/article.php?id=816) becomes more
significant.
In particular, the security implications associated with the management
of email storage, policy enforcement, auditing, archiving and data
recovery.

http://www.linuxsecurity.com/content/view/120331

* Popular policies: keeping storage secure
  9th, September, 2005

Secure storage of data has always been essential for any organisation,
of whatever size. In the past this involved accurate filing of paper
records, and then keeping the physical archive secure, whether it was
simply locking a filing cabinet, or guarding an entire building.

http://www.linuxsecurity.com/content/view/120345

* The Mobility Threat
  5th, September, 2005

We live in an era where mobile devices are being used by all levels of
society. Today, it is fairly common to see a CEO or a school kid
carrying a PDA or mobile phone. According to a survey by Infocomm
Authority of Singapore (IDA), the penetration rate of mobile phones in
Singapore has grown to 91 percent in 2004. Sophisticated PDA phones and
other mobile devices such as the Blackberry are actually miniaturised
PCs and they have become ubiquitous.

http://www.linuxsecurity.com/content/view/120300

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email newsletter-request@private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

_________________________________________
Attend ToorCon
Sept 16-18th, 2005
Convention Center
San Diego, California
www.toorcon.org